SEP complains about Internet Email Auto-Protect
I'm beginning to evaluate SEP 11 for rollout and have hit a small snag. The SEP client complains that Internet Email Auto-Protect is disabled even though I have IEAP padlocked in the policy.
This is a clean MR2 MP1 install (11.0.2010.25 on the client).
The Group that the Client is in has Policy Inheritance disabled and has a non-shared AV policy that I created. IEAP and Lotus Notes are disabled and padlocked.
The Policy Serial Number on the client matches the Serial Number in the Group in SEPM. If I go to Troubleshooting in the client and Update the Policy Profile, nothing changes. However, if I do something to bump the Policy Serial Number in SEPM, the client gets the policy and the error/alert goes away. When the client is restarted, the error/alert comes back.
While the client is in "error mode" I can enable/disable IEAP and Lotus Notes at the client, although other aspects that are locked in the Policy (such as File System Auto-Protect) remain locked.
This issue seems similar, but not the same as this thread:
https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=9554
Any thoughts?
Thank you for your time,
Joe Wells
Comments
Anyone have any thoughts on this at all?
I don't think padlocking will make a difference. I think you need to exclude the feature from the client installation package you export - there are a number of things you can configure in client installation package settings and client installation package features. If the feature is installed but the policy disables it, it will show on the client as a problem, although it does not affect the functions.
Hope this helps...
Can anyone confirm this?
The client on this machine appears to behave the way I think it should (Internet Email Auto Protect is disabled, padlock, and shows green) and then it all goes wonky.
Also, when the error condition returns my Weekly Scan disappears under configured scans and Rtvscan.exe kicks up and seems to start a scan. The SEP client doesn't show that it's doing a scan, though.
I've run CleanWipe and reinstalled, but get the same result.
I don't think IEAP is a "feature" that you can exclude from installation. I believe it's part of the Antivius / Antispyware "feature".
To the OP, sorry, don't have any help for you other than you should open a case with Symantec for support.
The Client Install Feature Set allows you to decide whether or not you want to install POP3/SMTP, Outlook or Lotus Notes - separately. So if you only want Outlook, for example, unselect the others. You can only do this to a set you have created - these options are greyed out if you edit one of the standard sets that come with the installation.
I really didn't know that. I looked at the client installation settings before I posted and didn't see any of those options. Thanks for correcting me. :smileyhappy:
EDIT: Okay, I now can admit I never looked at the client feature sets settings until now. Sorry!
Would you like to reply?
Login or Register to post your comment.